The Delhi Jal Board (DJB) on Thursday restricted access to sections of its website after the Delhi Police informed them about a new scam that exploited a vulnerability on the site that allowed scammers easy access to residents’ personal information.
Police on Thursday said a majority of online scam reports they have received in the recent past have been regarding the DJB website, as the “Know Your KNO” feature has allowed scammers to access users’ names, addresses, meter status, and mobile numbers of all users, resulting in people losing as much as ₹10 crore to scammers over the past few weeks.
On June 20, HT reported that the feature, intended to help residents find their 10-digit KNO (Key Number of the Connection), allowed anyone to input a partial address and access detailed consumer information — including names, addresses, phone numbers, and connection details. With access to data of up to 2.9 million consumers, scammers allegedly harvested this information to conduct targeted phishing attacks over the past four months.
According to police officials, cybercrime units have been flooded with reports of fraud linked to the DJB website. A significant number of victims reported being contacted by individuals posing as DJB officials, who cited unpaid bills and threatened immediate water disconnection. Using victims’ names, addresses, and accurate billing details, the scammers gained trust before urging them to download malicious APK files to “resolve” pending dues. Once downloaded, the files allowed the scammers to remotely access the victims’ phones and drain their bank accounts.
A senior police official said, “Most victims were told they owed ₹10 or ₹12, making it seem like a minor issue. But once the malware was installed, they lost sums ranging from ₹20,000 to over ₹50,000.”
The scam has emerged as one of the most widespread cyber frauds in the Capital, now accounting for an estimated 20% of all cybercrime reports in Delhi, police said. Some of the fraudulent activity has been traced to cybercrime networks operating out of West Bengal, Uttar Pradesh, and Jharkhand.
Following HT’s report, DJB quietly restricted several key web portals.
As of Thursday, the “Know Your KNO” feature displayed a message reading: “This feature is currently unavailable. To access this service, please visit your respective DJB Zonal Office for assistance.” The “No Dues Certificate” feature was similarly disabled. The “View/Print Latest Bill” section was briefly offline but later restored.
A senior DJB official, speaking on condition of anonymity, confirmed the action was taken this week after repeated alerts from the Delhi Police.
“We had earlier issued a public advisory warning consumers, but scams continued. So, the revenue department head decided to temporarily restrict these features. There is no timeline yet for restoration,” the official said. “For now, people can visit zonal offices to get details or call the helpline.”
The DJB has 41 zonal offices across the city where users can now obtain KNO numbers, billing details, and official certificates. However, the restriction has led to frustration among residents who are now unable to access basic services online, particularly older bills or dues statements needed for property sales, documentation, or verification.
Two senior Delhi Police officers confirmed that they had written to DJB earlier this week urging immediate changes. “We had clear evidence that the portal was being misused to facilitate widespread fraud,” one officer said, citing a case from central Delhi where a man lost ₹2.5 lakh to scammers. Police estimate that at least 100 people fall victim to this scam in a month, though no collated figure was available.
In an advisory issued on June 3, the DJB had acknowledged the issue, stating: “It has been brought to the attention of DJB that its consumers are being contacted through mobile calls/SMS/WhatsApp messages by individuals falsely claiming to be from DJB… All consumers are urged to remain alert.”